Comment 0 for bug 252351

Revision history for this message
ceg (ceg) wrote : provide some info about users and file permissions

Binary package hint: debian-installer

Following is a little informative text for the "set up users and passwords" stage:

---
It is easy for multiple users to collaborate on a debian/ubuntu system.

Just keep in mind that access to files always depends on the permissions of the file itself AND the permissions of the directory path to it. Files are by default readable for whoever has access to them, just as paper files are, but not writeable. If you don't want others to read your files, keep them in a private/ subdirectory. The path into your home directory is not restricted, just as the path others can take to ring your bell at home. As a matter of fact you may post some files on your door for others or to read, many services act on config files that you deposit in your home path. Besides other users may want to leave files for you personally in your incomming/ directory.

In debian the primary group of each user is by default a private user group, the single member being the user itself. This allows to grant group write permissions to created files by default. No one exept the owning user will be able to write to the file if it has not been created in a group directory.

Group directories (directories with the set-group-id flag set) are special places that all users are able to visit and the members of the group that owns the directory will be allowed to write files in it. Files created in these places will belong not only to the creating user but to the group. Other than that, group directories work simmilar as home directories, the group can keep files that should be readable only by group members in a private subdirectory.

Group directories may be set up by regular users in their home directories, or in /home/shared by the system administrator or the addgroup command.
---

Things that ease collaboration further:

create:
/etc/skel/priv or private (drwxrwx---)
/etc/skel/incomming (drws--s-wt or something)
/home/shared/users (drwxrwsr-x root:users)

For the latter to work /etc/security/groups needs to contain "*;*;*;Al0000-2400;users" then all users will automatically belong to the "users" group on systems with private user groups)

(a /etc/skel/public might be misleading, so we leave this one out)